diff --git a/morph/grid/local/config.json b/morph/grid/local/config.json
index 52809842c8877b2e9c5c87a9239d37c61f1b8896..3f643ca96d4c8c743ca81e5a76d7d8393722a91b 100644
--- a/morph/grid/local/config.json
+++ b/morph/grid/local/config.json
@@ -11,4 +11,5 @@
 "http://localhost:5000"
 ]
 , "monitoringGoogleOAuthClientID": ""
+, "borgBackupRepoPath": "vjs989hy@vjs989hy.repo.borgbase.com:repo"
 }
diff --git a/morph/grid/local/grid.nix b/morph/grid/local/grid.nix
index 088d9e8c79422b82d638a42aeab5da1fcf14f536..003f52a8287f916f523aa487ad8e8ce26a2161b7 100644
--- a/morph/grid/local/grid.nix
+++ b/morph/grid/local/grid.nix
@@ -57,7 +57,7 @@ let
 grid = {
 publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
 privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
- inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
+ inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
 };
 # Configure deployment management authorization for all systems in the grid.
 services.private-storage.deployment = {
diff --git a/morph/grid/local/public-keys/borgbackup/storage1.repopath b/morph/grid/local/public-keys/borgbackup/storage1.repopath
deleted file mode 100644
index 7e24d080bc7e8f29c0f28404e149e2fdb65dca45..0000000000000000000000000000000000000000
--- a/morph/grid/local/public-keys/borgbackup/storage1.repopath
+++ /dev/null
@@ -1 +0,0 @@
-vjs989hy@vjs989hy.repo.borgbase.com:repo
diff --git a/morph/grid/local/public-keys/borgbackup/storage2.repopath b/morph/grid/local/public-keys/borgbackup/storage2.repopath
deleted file mode 120000
index f8e96aa803817b407aa0829c7bfcc451703b557e..0000000000000000000000000000000000000000
--- a/morph/grid/local/public-keys/borgbackup/storage2.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage1.repopath
\ No newline at end of file
diff --git a/morph/grid/production/config.json b/morph/grid/production/config.json
index 8cdeaab993fd894783953e7c8f51cd9ea3bed96d..7d734e2303f6959a22aa013e4bab2aa5725d09a1 100644
--- a/morph/grid/production/config.json
+++ b/morph/grid/production/config.json
@@ -17,4 +17,5 @@
 "https://private.storage"
 ]
 , "monitoringGoogleOAuthClientID": "802959152038-klpkk38sfnqmknn1ucg7pvs4hcc2k8ae.apps.googleusercontent.com"
+, "borgBackupRepoPath": "still-to@fill-in.repo.borgbase.com:repo"
 }
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index 06fe07f8277bf81e26e2f9f735783614c117a7b3..2e9a10293d1718c9e5c34faefcb4563b58277667 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -19,7 +19,7 @@ let
 grid = {
 publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
 privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
- inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
+ inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
 };
 # Configure deployment management authorization for all systems in the grid.
 services.private-storage.deployment = {
diff --git a/morph/grid/production/public-keys/borgbackup/storage001.repopath b/morph/grid/production/public-keys/borgbackup/storage001.repopath
deleted file mode 100644
index 8ab7655f7f49a3aaa87e37a341597aefb14372cd..0000000000000000000000000000000000000000
--- a/morph/grid/production/public-keys/borgbackup/storage001.repopath
+++ /dev/null
@@ -1 +0,0 @@
-tqxc4i79@tqxc4i79.repo.borgbase.com:repo
diff --git a/morph/grid/production/public-keys/borgbackup/storage002.repopath b/morph/grid/production/public-keys/borgbackup/storage002.repopath
deleted file mode 120000
index 307413014b63c9b02305e5c01409d2397d819b8f..0000000000000000000000000000000000000000
--- a/morph/grid/production/public-keys/borgbackup/storage002.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage001.repopath
\ No newline at end of file
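Review bot: In morph/grid/production/config.json the new `borgBackupRepoPath` is the placeholder `still-to@fill-in.repo.borgbase.com:repo`, while the same commit deletes the production `.repopath` files that held the working value, so once deployed the production backup job has no valid destination. Because the placeholder is a well-formed string, nothing visible in this diff rejects it at evaluation time; the first signal would be failing backup runs on the storage nodes. I would either land the real repository path with this commit or leave the key out until it exists, so that `inherit (grid-config) … borgBackupRepoPath` in production/grid.nix fails at evaluation (assuming grid-config is this parsed file) rather than deploying a grid without backups.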
diff --git a/morph/grid/production/public-keys/borgbackup/storage003.repopath b/morph/grid/production/public-keys/borgbackup/storage003.repopath
deleted file mode 120000
index 307413014b63c9b02305e5c01409d2397d819b8f..0000000000000000000000000000000000000000
--- a/morph/grid/production/public-keys/borgbackup/storage003.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/borgbackup/storage004.repopath b/morph/grid/production/public-keys/borgbackup/storage004.repopath
deleted file mode 120000
index 307413014b63c9b02305e5c01409d2397d819b8f..0000000000000000000000000000000000000000
--- a/morph/grid/production/public-keys/borgbackup/storage004.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/production/public-keys/borgbackup/storage005.repopath b/morph/grid/production/public-keys/borgbackup/storage005.repopath
deleted file mode 120000
index 307413014b63c9b02305e5c01409d2397d819b8f..0000000000000000000000000000000000000000
--- a/morph/grid/production/public-keys/borgbackup/storage005.repopath
+++ /dev/null
@@ -1 +0,0 @@
-storage001.repopath
\ No newline at end of file
diff --git a/morph/grid/testing/config.json b/morph/grid/testing/config.json
index ba48a27deea9d35150b1834727b659e4972bd2e5..914ffd4486acc2bfc3d106a29872d2feb9364d7d 100644
--- a/morph/grid/testing/config.json
+++ b/morph/grid/testing/config.json
@@ -18,4 +18,5 @@
 , "https://privatestorage-staging.com"
 ]
 , "monitoringGoogleOAuthClientID": "802959152038-6esn1c6u2lm3j82lf29jvmn8s63hi8dc.apps.googleusercontent.com"
+, "borgBackupRepoPath": "tqxc4i79@tqxc4i79.repo.borgbase.com:repo"
 }
diff --git a/morph/grid/testing/grid.nix b/morph/grid/testing/grid.nix
index c033da1279fa44800e994dc07df3f5febc97d60d..65adee9fb5c33faa47d740de44f81b80873d5f57 100644
--- a/morph/grid/testing/grid.nix
+++ b/morph/grid/testing/grid.nix
@@ -19,7 +19,7 @@ let
 grid = {
 publicKeyPath = toString ./. + "/${grid-config.publicKeyPath}";
 privateKeyPath = toString ./. + "/${grid-config.privateKeyPath}";
- inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail;
+ inherit (grid-config) monitoringvpnEndpoint letsEncryptAdminEmail borgBackupRepoPath;
 };
 # Configure deployment management authorization for all systems in the grid.
 services.private-storage.deployment = {
diff --git a/morph/grid/testing/public-keys/borgbackup/storage001.repopath b/morph/grid/testing/public-keys/borgbackup/storage001.repopath
deleted file mode 100644
index 8ab7655f7f49a3aaa87e37a341597aefb14372cd..0000000000000000000000000000000000000000
--- a/morph/grid/testing/public-keys/borgbackup/storage001.repopath
+++ /dev/null
@@ -1 +0,0 @@
-tqxc4i79@tqxc4i79.repo.borgbase.com:repo
diff --git a/morph/lib/base.nix b/morph/lib/base.nix
index 4173497720901bacd13555c22abbec04c08d76be..bfaa4f48a7c83a9dfa3680e648a4ef93441a8016 100644
--- a/morph/lib/base.nix
+++ b/morph/lib/base.nix
@@ -30,7 +30,6 @@
 The domain name and port of the monitoring VPN endpoint.
 '';
 };
-
 letsEncryptAdminEmail = lib.mkOption {
 type = lib.types.str;
 description = ''
@@ -38,6 +37,12 @@
 certificate issuance.
 '';
 };
+ borgBackupRepoPath = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ The Borg backup repository shared between all nodes of one grid.
+ '';
+ };
 };
 # Any extra NixOS modules to load on all our servers. Note that just
diff --git a/morph/lib/borgbackup.nix b/morph/lib/borgbackup.nix
index 229dc218bc537d03e23052c51ea8ae42d851a5dd..9d17629dd9e73064b864b21a4a103c7d3d3210d5 100644
--- a/morph/lib/borgbackup.nix
+++ b/morph/lib/borgbackup.nix
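Review bot: The `borgBackupRepoPath` option added in the second hunk of morph/lib/base.nix is typed `lib.types.str` and its description does not say what form the value takes, so a reader of the option cannot tell a real repository location from a filler value. I would add an `example` attribute, e.g. `example = "USER@HOST:repo";` (placeholder), and extend the description to say that this is the SSH-style location Borg is given as `repo` for the grid's backup job. The enclosing options block starts and ends outside the hunk.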
@@ -6,7 +6,7 @@
 { lib, config, ...}:
 let
 cfg = config.services.private-storage.borgbackup;
- inherit (config.grid) publicKeyPath privateKeyPath;
+ inherit (config.grid) publicKeyPath privateKeyPath borgBackupRepoPath;
 # Get a per-host number of hours to start the backup at a
 # time that should be "night" in most of the USA:
@@ -46,8 +46,9 @@ in {
 services.borgbackup.jobs = {
 daily = {
 paths = cfg.paths;
- repo = lib.fileContents "${publicKeyPath}/borgbackup/${config.networking.hostName}.repopath";
 doInit = false;
+ repo = borgBackupRepoPath;
+ archiveBaseName = config.networking.hostName;
 encryption = {
 mode = "repokey-blake2";
 passCommand = "cat /run/keys/borgbackup/passphrase";
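Review bot: One repository shared by all nodes of a grid (`repo = borgBackupRepoPath;` in the `daily` job) means that any node able to open it can read and delete every other node's archives; `archiveBaseName = config.networking.hostName;` only namespaces the archive names, it does not isolate them. With `repokey-blake2` on a single repository, the nodes presumably also all hold the same passphrase in `/run/keys/borgbackup/passphrase`. If the sharing is intentional, I would record the trade-off in a comment above `repo`, for example `# One repo per grid: every node can read and delete all archives; keep repo-side access append-only.`, and confirm that the repository host restricts the nodes to append-only access, which this diff does not show. The `daily` job definition continues past the end of the hunk.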